[Federal Register Volume 74, Number 195 (Friday, October 9, 2009)]
[Notices]
[Pages 52183-52184]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-24430]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 0909301329-91332-01]


Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber 
Security Strategy and Requirements; Request for Comments

AGENCY: National Institute of Standards and Technology (NIST), 
Department of Commerce.

ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
seeks comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy 
and Requirements. This initial draft of the document contains the 
overall security strategy for the Smart Grid. Contents include: 
Development of vulnerability classes, identification of well-understood 
security problems that need to be addressed, selection and development 
of security-relevant use cases, initial privacy impact assessment, 
identification and analysis of interfaces identified in six functional 
priority areas, advanced metering infrastructure (AMI) security 
requirements, and selection of a suite of security documents that will 
be used as the base for determining and tailoring security 
requirements. This is the first draft of NISTIR 7628; NIST plans to 
post a subsequent draft of this report for additional public comments.

DATES: Comments must be received on or before December 1, 2009.

ADDRESSES: Written comments may be sent to: Annabelle Lee, National 
Institute of Standards and Technology, 100 Bureau Dr., Stop 8930, 
Gaithersburg, MD 20899-8930. Electronic comments may be sent to: 
[email protected].
    The report is available at: http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-7628.

FOR FURTHER INFORMATION CONTACT: Annabelle Lee, National Institute of 
Standards and Technology, 100 Bureau Dr., Stop 8930, Gaithersburg, MD 
20899-8930, telephone (301) 975-8897.

SUPPLEMENTARY INFORMATION: Section 1305 of the Energy Independence and 
Security Act (EISA) of 2007 (Pub. L. 110-140) requires the Director of 
the National Institute of Standards and Technology (NIST) ``to 
coordinate the development of a framework that includes protocols and 
model standards for information management to achieve interoperability 
of smart grid devices and systems.'' EISA also specifies that, ``It is 
the policy of the United States to support the modernization of the 
Nation's electricity transmission and distribution system to maintain a 
reliable and secure electricity infrastructure that can meet future 
demand growth and to achieve each of the following, which together 
characterize a Smart Grid: * * *
    (1) Increased use of digital information and controls technology to 
improve reliability, security, and efficiency of the electric grid.
    (2) Dynamic optimization of grid operations and resources, with 
full cyber-security.''
    With the transition to the Smart Grid--the ongoing transformation 
of the nation's electric system to a two-way flow of electricity and 
information--the information technology (IT) and telecommunications 
infrastructures have become critical to the energy sector 
infrastructure.
    NIST recently issued the NIST Framework and Roadmap for Smart Grid 
Interoperability Standards, Release 1.0 (draft for public review and 
comment). The report is an output of NIST's approach to expediting 
development of key standards and requirements necessary for Smart Grid 
interoperability and cyber security.
    The report includes a high-level summary (Chapter 6) of draft 
NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements. The 
report on the interoperability framework and standards roadmap, as well 
as the Federal Register notice soliciting public comments on the 
report, advised that NIST also was submitting this companion draft 
document on cyber security for public review and comment.
    NIST has established a Smart Grid Cyber Security Coordination Task 
Group (CSCTG) which includes members from the public and private 
sectors, academia, regulatory organizations, and federal agencies. The 
CSCTG is identifying a comprehensive set of cyber security 
requirements. These requirements are being identified using a high-
level risk assessment process that is defined in the cyber security 
strategy for the Smart Grid.
    The DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber 
Security Strategy and Requirements includes the initial risk assessment 
documents (vulnerability classes and bottom-up analysis); security-
relevant use cases; a base set of security requirements with cross-
referenced security standards; diagrams of a set of functional priority 
areas and interfaces, including interface categories with constraints 
and issues and impacts; initial privacy impact assessment; and AMI 
security requirements.
    Request for Comments: NIST seeks public comments on the report. The 
document will be revised on the basis of comments received, and a 
second draft will be published for public comment. In addition, the 
second draft will include the overall Smart Grid security architecture 
and the security requirements.
    The final version of NISTIR 7628 will address all comments received 
to date. The document will have the final set of security controls and 
the final security architecture.
    Comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy 
and Requirements should be submitted in accordance with the DATES and 
ADDRESSES sections of this notice.


[[Page 52184]]


    Dated: October 6, 2009.
Patrick Gallagher,
Deputy Director.
[FR Doc. E9-24430 Filed 10-8-09; 8:45 am]
BILLING CODE 3510-13-P